Smart Phones: A Growing Concern

By: Chris Marshall

Smart phones are becoming more powerful with every new feature that is released. This is not only attractive to businesses, but also younger generations. As we incorporate smart phones with more sensitive information, it creates a much greater vulnerability to information theft. Securing that sensitive information is often not considered, especially with younger smart phone users. The possibility that your corporate email, personal pictures, or other personal information could easily be stolen greatly increases if you have not taken measures to enhance your smart phone integrity. Regardless of make, iPhone, Android, and even BlackBerry are susceptible to attacks that, unaddressed, could result in the theft of money, information, and even identity.

With smart phones becoming so popular, it is projected that by 2013 the sales of PCs will become second in line behind smart phones. With this increase, malicious software developers will look toward the smart phone as their greatest opportunity. Even though PC sales currently outweigh smart phone sales, there are currently dangerous programs such as viruses, malware, and spyware that can have serious consequences to the information on your phone. According to a study by Lookout Mobile Security in 2011, infected apps rose from 80 to over 400 in just five months. DroidDream is a malware program found in at least 50 downloadable applications on the Android marketplace. Although Google has taken actions to remove apps that may have malicious intent, care should still be taken when downloading apps. It is good practice to verify that an application developer is genuine by checking ratings of their previously released apps. If anything appears suspicious, it is not a good idea to download.

Many people have invested in iPhones and Blackberries because of the belief that there was no risk of infection for those phones. That, however, is not true. In 2011 a man named Charlie Miller created an application called InstaStock that, on the surface, appeared legitimate, but unbeknownst to the user, would allow the attacker full access to anything on the phone. This is interesting, however; without approval from Apple’s application filtering process, it would never be available for people to download from the app store. Charlie was able to construct the program in such a way that the filtering process by Apple missed any indication of malicious activity. He was able successfully to get a Trojan virus available on the Apple app store. Luckily he was merely proving a point rather than actually trying to collect people’s information. Still if Charlie could do it, there is no guarantee that a similar style app is not already available in the store.

Similar to Android and iPhones, Blackberry devices are equally susceptible to dangerous viruses. Last year a virus named ZeuS was found on a number of Blackberry phones that was capable of a wide range of attacks on a targeted device. The purpose of this malicious software was to collect private banking information from unknowing victims. However, the program also gave an attacker the ability to view, delete, and forward text messages; block calls; and turn the phone on and off remotely. This virus did not have the ability to spread itself to other devices; its means of spreading was through users downloading apps not approved by Blackberry. Once downloaded and installed, the target phone was infected without the user knowing at all. Malware and other viruses can be very dangerous on a smart phone because of the type of information often stored there. Think of anything on your smart phone that you would not want an attacker to access, whether it is pictures, emails, contact information, text messages, or social media profiles. With the proper malware installed, an attacker could easily steal, erase, or track anything on the device. Although malicious applications are dangerous, it is not the only avenue attackers will take to steal your data. Bluetooth is easy to use and very popular with hands-free units for safe driving; this wireless convenience, however, comes with a price. If not properly monitored, active Bluetooth on a device can be used to remotely download any contents without the owner’s knowledge.  With an easy free download from the internet, limited knowledge, and being within at least forty feet of a device, an attacker could steal any information stored on the phone.

Even though keeping your information completely secure on your smart phone seems impossible, there are measures that can be taken to keep your private information safer. To help prevent possible malware and virus attacks, well known anti-virus companies such as Norton, Kaspersky, and AVG have released software that, when installed on your smartphone, will block and notify you of any possible attacks. For safer Bluetooth operation, be sure to keep the Bluetooth on your device off if you do not plan to use it for an extended time. Preventing viruses from downloaded malicious apps is a bit more difficult. When planning to download an application, be sure that (1) the application is coming from a trusted source; (2) the app developer has sufficient ratings to ensure he does not have malicious intent; and (3) once installed, the app does what is expected. If you ensure those three steps when downloading applications, the possibility of infecting your device will be lowered substantially. If on public Wi-Fi, such as in a coffee shop, be sure to limit the amount of sensitive information you transfer to the web. The nature of public Wi-Fi allows anyone to connect, as long as they are in range of the signal. So with easily obtainable software, an attacker could connect to the network and collect your information being transmitted wirelessly.

With smart phones becoming more advanced each year, the more connected people will become with them. This prospect opens many more opportunities for attackers to exploit vulnerabilities and do what they will with your information. Be proactive by securing your smart phone now to prevent a possible attack on your information or even identity in the future.